Forum:Account phishing spam to my Wowpedia email?

Today I received a WoW account phishing email to the email address I set up specifically for use on this site (via my own domain and a forwarding service). This is the first such email I've ever had related to WoW, and I'm rather concerned that it's arrived to an email address I don't use anywhere but here. I was wondering if someone could give me an explanation for why this might have happened? Thanks.

--Aretak (talk) 14:38, 18 January 2011 (UTC)

Not sure how that would be possible. E-mail addresses are not revealed by the wiki software unless you revealed them yourself. --Pcj (TDrop me a line!•C207,729 contributions and counting) 14:46, 18 January 2011 (UTC)

Checked with Curse, they are not doing anything with your e-mail address. I suspect you may have malware or did in fact use the e-mail somewhere else. --Pcj (TDrop me a line!•C207,729 contributions and counting) 15:38, 18 January 2011 (UTC)

I got the same thing today, its wowpedia at mydomain dot com and I have only ever used it here Scotepi (talk) 20:28, 22 January 2011 (UTC)

Curse is checking with their technical team to see if there is something going on with data getting out. --Pcj (TDrop me a line!•C207,729 contributions and counting) 20:32, 22 January 2011 (UTC)

I post on the Customer Support forums and they said something that could be true. You remember in War Games how the main character called all those phone numbers? That's similar to what the hackers do. Of course, it could be false, but I thought it was worth mentioning and I trust the person. -Abrahams (talk) 22:36, 24 January 2011 (UTC)

I also received today a phishing email to the account that I use only for this site. I happen to have access to the logs at my mail server, so I checked them, and the phishers only sent that email to one account on that server. So they were not trying to guess all possible email addresses, it was targeted directly at the address I entered on this site. I'm not very familiar with MediaWiki, so I may have left my email address visible here. Can anyone check if you can see my email address here? I haven't changed my settings since the day I signed up. -- Jenneth (talk) 14:39, 7 February 2011 (UTC)

Same here. (Luckily) I used a spamgourmet-address to sign up with WowPedia. I also received the phishing-mail. It was the second mail that was received by this email-address (after the account confirmation). Somewhere seems to be a data leak. --TorPedo (talk) 15:09, 7 February 2011 (UTC)

Also, the html on every page says <meta name="generator" content="MediaWiki 1.16.0" />, and if that's indeed true, it might be a good idea to ask the server admins to update to version 1.16.2, since there have been security updates since 1.16.0 (see http://www.mediawiki.org/wiki/News). I don't suspect that those patches would have caused a leak, but it's a good idea to stay on top of the security patches in any case. -- Jenneth (talk) 15:17, 7 February 2011 (UTC)

I changed my email address and looked at the headers. I didn't see any version information there, so maybe they updated or maybe its just a random header the spammer put on. Scotepi (talk) 02:29, 8 February 2011 (UTC)

The version is from the source of the wiki pages, like this forum page for example, not the email headers. The wiki software on the Wowpedia site is missing 2 security patches, and that makes the site vulnerable to XSS attacks. Just like we all are expected to keep our computers updated with all the security patches, the server administrators are expected to keep the servers updated with all security patches. -- Jenneth (talk) 10:25, 8 February 2011 (UTC)

I love all the spam that I am getting to this unique address now, im going to change it and see if it goes to the new one or still the old one. Scotepi (talk) 02:25, 8 February 2011 (UTC)

I just got one today. I do not use this email address anywhere but here, and its an "obfuscated" address which wouldn't be easy to guess, not just a random attempt of wowpedia@some_domain. Headers do not indicate that they sent it through this site via some kind of exploit on the email user form, as it came from a yahoo account? Received: from nm21.bullet.mail.bf1.yahoo.com (nm21.bullet.mail.bf1.yahoo.com [98.139.212.180]) by <my mail server> (Postfix) with SMTP id 2C43014124C for <my wowpedia email address>; Mon, 7 Feb 2011 18:56:54 +0000 (GMT) Received: from [98.139.212.151] by nm21.bullet.mail.bf1.yahoo.com with NNFMP; 07 Feb 2011 18:56:55 -0000 Received: from [98.139.213.13] by tm8.bullet.mail.bf1.yahoo.com with NNFMP; 07 Feb 2011 18:56:55 -0000 Received: from [127.0.0.1] by smtp113.mail.bf1.yahoo.com with NNFMP; 07 Feb 2011 18:56:55 -0000
Of course, this email sig also gave it away:
Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around Zoon (talk) 06:56, 8 February 2011 (UTC)

I heard back from Curse, they've investigated it but haven't seen any proof either way. They are implementing a stricter security policy organization-wide and hired someone to watch this more closely. --Pcj (TDrop me a line!•C207,729 contributions and counting) 20:13, 8 February 2011 (UTC)

Cool stuff. Given its come to a dedicated, obfuscated address, via a third party server means that more than likely its being harvested somehow. I feel sorry for the people who actually click the links and give up their account details! Glad its in hand. Zoon (talk) 21:50, 9 February 2011 (UTC)

Received more yesterday. Going to change my email address to get some idea if it was harvested, or someone has access to the current address. Zoon (talk) 21:38, 3 March 2011 (UTC)

I change my wowpedia email back in February and I noticed today that I got some spam sent to it back on June 4th. It wasn't from yahoo this time, I can't decipher anything out of the headers other then it claiming to be X-Mailer: Microsoft Outlook Express 6.00.2800.1106 because of how I have email routing setup. Scotepi (talk) 15:58, 15 June 2011 (UTC)